Senator Al Franken (D-MN) recently sent a letter to Apple’s CEO, Tim Cook, expressing concern over the new Touch ID fingerprint sensor built into the iPhone 5S, which went on sale earlier today. In the letter (PDF), the Senator who is also the Chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, says he is an iPhone owner and is concerned about the use of fingerprints to unlock the device. He mentions the following in his letter regarding the matter:

It's clear to me that Apple has worked hard to secure this technology and implement it responsibly. The iPhone 5S reportedly stores fingerprint data locally "on the chip" and in an encrypted format. It also blocks third-party apps from accessing Touch ID. Yet important questions remain about how this technology works, Apple's future plans for this technology, and the legal protections that Apple will afford it. I should add that regardless of how carefully Apple implements fingerprint technology, this decision will surely pave the way for its peers and smaller competitors to adopt biometric technology, with varying protections for privacy.

In his letter, Franken goes on to ask twelve separate questions of Cook, four of which include the following:

If it's possible to convert locally-stored fingerprint data into a format that can be used by third parties.

If it's possible to extract and obtain fingerprint data from an iPhone 5s either remotely or with physical access to the device.

What diagnostic information the iPhone 5s sends to Apple about the Touch ID system.

Whether Apple considers fingerprint data to be the "subscriber information" or "electronic communication transactional records", the "contents" of communications, customer or subscriber records, or a "subscriber number or identity" as defined in the Stored Communications Act, or a "tangible thing" as defined in the USA PATRIOT Act.

The other group of questions relates to when and if Apple could be required to disclose fingerprint information to US Government law enforcement agencies. Apple for its part has posted an extensive knowledge base article about the security benefits of the Touch ID system, though it only discloses broad details about how the iPhone 5S stores fingerprint data, but nevertheless, it may answer some of the questions that Senator Franken had asked:

Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and as well as the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it and it can't be used to match against other fingerprint databases.

The Senator gave Apple thirty days to answer the questions and although it isn’t a subpoena (meaning Apple isn’t required to respond), the company is likely to cooperate. This isn’t the first time that Senator Franken has interacted with Apple either – in 2011, he asked both Apple and Google to require clear privacy policies for apps sold in their app stores. He also introduced a bill to help protect customer location data as well.

Apple said it received 4,000 to 5,000 requests for customer data from the NSA during the six months ending in May of this year. The requests involved 9,000 to 10,000 customer accounts or devices. Secured my ***, I don't trust Apple when it comes security.

Apple said it received 4,000 to 5,000 requests for customer data from the NSA during the six months ending in May of this year. The requests involved 9,000 to 10,000 customer accounts or devices. Secured my ***, I don't trust Apple when it comes security.

Frankly i don't trust anybody. I don't think i want a phone with bio-metric fingerprint scanners. A password you can change if hacked... how do you change a fingerprint? and trust me. someone in the world will figure a way out to get people's fingerprints.

I get some people are concerned about fingerprint data and such. But I think Apple has gone through great lengths to protect the sensitive information. But let's be honest, if someone DOES happen to get hold of your phone, and DOES know how to hack into it, and DOES know how to decode the fingerprint information (that apparently can't be mathematically reversed), what are they going to do with it? It's not like they can take your fingerprint to the bank for a withdraw. I think it's easier for someone to dig through your trash and find your social security number than it is to do this. And they can do more with your social security number than your fingerprint.

The Following User Says Thank You to tridley68 For This Useful Post:

I think what you will see is someone trying different ways to fake a fingerprint (like in the movie National Treasure) and see if it works. then we will have "fingerprintgate" and all hell will break loose

Well i can see how people may be concerned and such. But for myself? I am not worried about it! I was in the Army, so they have my prints already and then had been cleared for TSA for transporting HAZMAT when i was truck driving.